1. Field of the Invention
The present invention relates to the field of computing security and more particularly to file system security.
2. Description of the Related Art
Computing security has increasingly become the focus of information technologists who participate in locally and globally accessible computer networks. In particular, with the availability and affordability of network computing, even within the small enterprise, many computers and small computer networks provide access to a substantial number of end users continuously. Notwithstanding the efficiencies gained, network computing is not without its price. Specifically, those computers and computer networks which heretofore had remained disconnected from the security risks of the Internet now have become the primary target of malicious Internet hackers, crackers and script kiddies, collectively referred to as “malicious hackers”.
Computing networks incorporate gateway switches to regulate the ingress and egress of information into different segments of the network. Firewall technologies have been deployed in association with gateway switches in order to impede the penetration of a computing network by a malicious hacker. Generally, a firewall inspects incoming packets of data in order to detect patterns of information known to be associated with the activities of a malicious hacker. The patterns can be detected statically by reference to a known table of patterns, or dynamically according to the stateful inspection of packets.
Managing network access only partially addresses the requirements of network security for a computing network. File access also must be managed so as to permit only authorized users to access and manipulate files within a file system. Whereas in network access, the content of information flowing into and out from the network forms the basis of security management, for file system file access, user rights and access control policies own the day. Specifically, the ability of a user to access a file within the file system largely depends upon the rights assigned to the user and the permissions associated with the file.
While addressing file system security from the perspective of the identity of the user seeking access to a file remains a sensible proposition, exclusively doing so ignores the reality that application code can maliciously impede the operation of a computing environment equally as effectively as a malicious-minded end user. Worse yet, application code can impart its damage upon the file system irrespective of the sophistication and knowledge of the end user invoking the execution of the application code. Yet, access control for a file system exclusively relies upon end user associated permissions. Accordingly, file system access remains a point of vulnerability in the computing enterprise.